Re: SNI (SSL virtual hosts)

2013-06-05 Thread Daniel Stenberg
On Tue, 4 Jun 2013, Janusz Harkot wrote: valid point, but from what you can find on the web, the only solution provided everywhere was to disable certificate checking… so maybe that's not me, but this is the first time someone spent some time to check what's going on :) I don't disagree with

SNI (SSL virtual hosts)

2013-06-04 Thread Janusz Harkot
I was trying to do a push of some repo over https and after a few unsuccessful tries I've managed to find a problem - multiple virtual SSL servers on one IP address… The strange thing was that the initial communication was OK (http GET), but when there was an http POST, git reported an error (incorrect certificate).

Re: SNI (SSL virtual hosts)

2013-06-04 Thread Daniel Stenberg
On Tue, 4 Jun 2013, Janusz Harkot wrote: The strange thing was that the initial communication was OK (http GET), but when there was an http POST, git reported an error (incorrect certificate). The only workaround was to disable certificate verification. My question is: does git support SNI on the https? If so

Re: SNI (SSL virtual hosts)

2013-06-04 Thread Janusz Harkot
It does. git uses libcurl for the HTTPS parts and it has supported SNI for a long time, assuming you built libcurl with a TLS library that handles it. Which libcurl version and SSL backend is this? (curl -V usually tells) $ curl -V curl 7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0

Re: SNI (SSL virtual hosts)

2013-06-04 Thread Daniel Stenberg
On Tue, 4 Jun 2013, Janusz Harkot wrote: Which libcurl version and SSL backend is this? (curl -V usually tells) $ curl -V curl 7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5 From what I can tell, that OpenSSL version supports SNI fine and libcurl has supported

Re: SNI (SSL virtual hosts)

2013-06-04 Thread Janusz Harkot
What makes you suggest that's what's happening? Sure, if it would've sent no or the wrong host name it would probably have that effect. line: [36] * Re-using existing connection! (#0) with host (nil) Any chance you can snoop on the network and the SSL handshake to see who's to blame?

Re: SNI (SSL virtual hosts)

2013-06-04 Thread Daniel Stenberg
On Tue, 4 Jun 2013, Janusz Harkot wrote: What makes you suggest that's what's happening? Sure, if it would've sent no or the wrong host name it would probably have that effect. line: [36] * Re-using existing connection! (#0) with host (nil) Ah that. Yes, that's a stupid line to show (that

Re: SNI (SSL virtual hosts)

2013-06-04 Thread Janusz Harkot
valid point, but from what you can find on the web, the only solution provided everywhere was to disable certificate checking… so maybe that's not me, but this is the first time someone spent some time to check what's going on :) at least there will be something, maybe this will help someone…